Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Vulnerability Description
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Cisco AnyConnect Secure Mobility Client for Windows 代码问题漏洞
Vulnerability Description
Cisco AnyConnect Secure Mobility Client for Windows是美国思科(Cisco)公司的一款基于Windows平台的可通过任何设备安全访问网络和应用的安全移动客户端。 Cisco AnyConnect Secure Mobility Client for Windows 4.9.00086之前版本中的IPC通道存在代码问题漏洞,该漏洞源于程序充分验证所加载的资源。本地攻击者可通过发送特制的IPC消息利用该漏洞以SYSTEM权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A